a83cfc8588e308ca23086a98eb72ea9e9ab85dc46dedc0a910bda8adf05c5d47

Analysis

max time kernel
150s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 17:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
Size

89KB
MD5

22ec18e5def4d80193057ea6eb603f80
SHA1

3f495c552e19bd66dc8109a3287f8cc19d6390e6
SHA256

a83cfc8588e308ca23086a98eb72ea9e9ab85dc46dedc0a910bda8adf05c5d47
SHA512

94bc7f46c90b934e0f7ce297fd12884281f80fc93aab1c8f75a2b3bbf0f3538cf9b4579775f27a4dfca1234f589420ac1f8d1bcde1798df7171f9a21e8ae15df
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+e1tpJK///yiMZiMA:6e7WpMaxeb0CYJ97lEYNR73e+e9JynyK

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5119) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SELFCERT.EXE.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.Editors.dll.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ppd.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMICAUT.DLL.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-pl.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-oob.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-140.png.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.HttpListener.dll.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyResume.dotx.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-phn.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-pl.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxslt.md.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ul-oob.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ul-oob.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ppd.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Input.Manipulations.dll.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ul-oob.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-pl.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ppd.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DLL.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsFormsIntegration.resources.dll.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClientSideProviders.resources.dll.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN082.XML.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN102.XML.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN107.XML.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationTypes.resources.dll.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL117.XML.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Xaml.resources.dll.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ppd.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md.tmp	22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\22ec18e5def4d80193057ea6eb603f80_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
90KB

MD5
5d377ed531ac438399e858dfc27ed9f3

SHA1
b792bbce43fcdc7e1e32298b0c6bf4c08c5344fd

SHA256
d5eafd6d0ec529a4d27d8eda5f89d3a4a23df53413069810ed81452679c37de9

SHA512
54c9dd4bf052cae0d3206524d8b6c049a9eb0e85b0febfa575a7bed0fc9c20b803f875fbc2e68d74e44664f67529c610d791cd367c8fb8b9f1c73b59985bf5cd

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
188KB

MD5
fb8f2cc2ac6b7c4a0c5094f112faf36b

SHA1
1e20fee3fb9c9378464d9360bd1dac32c55748e8

SHA256
c4c778e1dbaaf56038feafd7a534046a98b9e7c88e8df33c3188caefbf35d02f

SHA512
4e89a8761086be3a91921811d62ae445dca6da44e02b2a79361842030740874e554940ff4aa864ef73311c2910a9e326bb37a67d872b8cb11fbe5f3e13161721

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads